download report


Fall Agenda Setting and Discussion
NPTF FY ‘08 Members
Robin Beck, ISC
Michael Palladino, ISC (Chair)
Mark Aseltine / Mike Lazenka, ISC
Gary Delson/Geoff Filinuk, ISC
Dave Millar, ISC
Deke Kassabian / Melissa Muth, ISC
Chris Bradie /Dave Carrol, Business Services
Doug Berger / Manuel Pena, Housing and
Conference Services
Cathy DiBonaventura/Rick Haverkamp,
School of Design
Helen Anderson, SEAS
Brian Doherty, SAS
John Irwin, GSE
Ira Winston, SEAS, SAS, Design
■ Deirdre Woods /Dan Alig, Wharton
■ Mary Alice Annecharico /Mike Herzog,
■ Rich Cardona, Annenberg
■ Kayann McDonnell, Law
■ Donna Milici, Nursing
■ Ken McCardle, Vet School
■ Jeff Fahnoe, Dental
■ Grover McKenzie, Library
■ Mary Spada, VPUL
■ Marilyn Spicer, College Houses
■ Joseph Shannon, Div. of Finance
■ Steve Stines /Dominic Pasqualino, OAC
■ Marilyn Jost, FRES
■ Michael Weaver, Budget Mgmt. Analysis
■ Defining the NPTF process for FY ’08
■ Topics gathered thus far
■ Additional discussion
■ Setting the Fall agenda
NPTF Meeting Schedule – FY ‘08
■ 1:30-3:00pm in 337A Conference Room, 3rd floor of 3401
Walnut Street
■ Process
Intake and Current Status Review – July 16
Agenda Setting & Discussion - September 17
Strategy Discussions - October 1
Security Strategy Discussions - October 15
Strategy Discussions - October 29
Prioritization - November 5
Rate Setting – November 19
NPTF Process Feedback
■ Too much information is crammed into too short a timeframe.
■ We don’t get enough time to prioritize things in the Fall.
■ We don’t get enough time to discuss financial decisions with our deans
before our budgets are due.
■ Is it possible to see the projected budget in September so that we know how
much discretionary money there is before we start?
■ Suggestions:
Finish Fall process in early November.
Hold fewer meetings in the Fall (3-4 total)
Hold off-season meetings (2) to discuss strategic items
Hold off-season meetings (2) for a closer review of operational items.
■ Do a review of where N&T resources are going for services and R&D.
■ Do a survey to get more formal feedback on current services.
■ “Polish” current services like VoIP before spending more time on new
NPTF Security Feedback
■ Security is the “beast” that ate NPTF
■ Is NPTF the right place to discuss it?
■ Is there other centralized money for it?
■ We need to see a multi-year security strategy
■ What is the budget impact of it centrally (charged by ISC if any)
and locally to schools.
■ What is the budget impact of various security policies?
FY ‘09 Price Setting
■ We will re-evaluate pricing for:
10 Mbps ($6.03)
100 Mbps ($7.03)
1000 Mbps ($30)
vLANs ($2.50)
Wireless ($27)
VoIP/ Voicemail/ IM
Video services
Analog voice services
Central Service Fee (headcount and IP addresses)
N&T Operational Initiatives for FY ’08
■ Next Generation PennNet
■ Gigabit building/subnet connections (router ports)
■ Single-mode fiber to buildings (new pathway if necessary)
■ Redundant building/subnet connections
■ Customer Service
■ Online, self-service intake for voice and data orders/ Service
Order Intake (SOI)
■ Always striving for better communications and feeling the urgency
in your requests
■ Wireless
■ Expand 802.1x authentication to all wireless PennNet areas
where current web authentication exists for wireless-PennNet.
(Dual SSIDs)
Strategic Discussions for FY ’08
■ Communication Names
■ Develop infrastructure necessary to implement Communication Names in
order to support longer and more meaningful user names for email and
other electronic communications.
■ Complete name space clean up
■ Augment PennNames to support Communication Names
■ Develop application to create Communication Names
■ Create web interface to allow authorized users to lookup, add, modify and
delete Communication Names
■ Create API to allow authorized applications to lookup, add, modify and
delete Communication Names
■ Modify Penn Community to store Communication Names
■ Should we do cost estimates on this project?
■ Wireless
■ Seamless roaming
■ 802.1x only (visitors)
■ Earthlink as wireless overlay. Outsource outside?
Strategic Discussions for FY ’08 (Contd.)
■ Integrated Communications
VoIP redundancy & scheduled down-time
■ Video Strategy
■ Digital video
■ Desktop teleconferencing
■ File sharing and archiving/Flexible method for sharing data
■ How broadly and on what time line should PennNet Gateway (scan and block) be
deployed once it is fully ready? Or as desktop/laptop operating systems with
automated security updates become common, does PennNet Gateway become a
lower priority?
■ What should the timing be for a single campus-wide network access control for both
wired and wireless networks?
■ Can we enhance perimeter intrusion detection?
■ UPS on all network electronics
■ Cell phone coverage in buildings
FY ‘08 Security Goals
■ Compliance: Roll out the Security and Privacy Impact Assessment (SPIA)
process, in conjunction with Penn’s Privacy Office to better manage Universitywide IT security and privacy risk to 8-12 schools & centers.
■ Prevention: Establish Penn LSP security training & certification (computer
based training and testing) and conduct security technology training for 3 – 5
topics. New employee online security and privacy awareness training.
■ Identity Management
■ Security Assessment: Engage with Oracle Corporation to review database security
and identity management infrastructure to ensure timely and secure access to Penn
enterprise IT resources
■ Develop a plan for next generation PennKey.
■ Implement Shibboleth for federated identity.
■ Build and deploy a central authorization system to minimize the risk of exposing
sensitive data and/or violation of policy or law
FY ‘08 Security Goals (Continued)
■ Select a recommended product for stored data encryption
■ Should we do centralized key escrow?
■ Limit SSN availability through Data Warehouse
■ Develop strategy documents:
■ Develop logging best practices in conjunction with HARTS team
■ Beyond passwords, next steps for authentication
■ Personal device security
■ Subnet level intrusion detection
■ Pennnet Gateway: Help prevent compromised systems from spreading
malware on the network and avoid increased support needs for incidence
■ Pilot deployment for College Houses, Sansom Place and GreekNet wireless
areas and possibly two other schools and centers.
Possible FY ‘09 Security Goals
■ Year three of four-year SPIA rollout.
■ Identity Management
■ Extend Authorization system’s group management capability to include privilege
■ Online provisioning for Penn administrative applications.
■ Implement first phase of Next Generation PennKey
■ Implement security event logging
■ Logging policy (protecting against brute force attacks)
■ Pilot Critical Host Vulnerability Management agent and Compliance Reporting.
■ PennNet Gateway: full roll out to residential system
■ Review campus A/V strategy vs. Host-Based Intrusion Prevention. Compare
Symantec with alternatives.
■ Campus-wide all staff (then faculty) security and privacy awareness online
Additional Discussion
■ What have we missed that is critical to be done in FY
‘08 or planned for now to do in FY’09 and beyond?
■ What can we eliminate?
■ Bluesocket wireless authentication.
■ Can we move 100% to 802.1x by Fall ’08?
■ Netnews
IT Roundtable Topics
■ Benchmarking with peers
■ Trailing Edge
■ Leading Edge
■ Data Center/ Facilities Management
■ Research Computing
■ Email
■ Content Management